#!/bin/bash
MEFRPS_VERSION=0.61.1
read -p "您是否安装过 ME Frp 4.0 服务端? (y/n): " IS_INSTALLED
if [ "$IS_INSTALLED" = "y" ]; then
    echo "尝试清理 ME Frp 4.0 服务...若此处报错请忽略"
    systemctl stop frps || true
    rm -f /etc/frp/frps.ini
    rm -f /etc/frp/frps.toml
    rm -f /usr/local/bin/frps
    rm -f /etc/systemd/system/mefrps.service
    echo "清理完毕, 开始安装 ME Frp 5.0 服务端..."
else
    echo "开始安装 ME Frp 5.0 服务端..."
fi
touch /etc/systemd/system/mefrps.service
mkdir -p /etc/frp
touch /etc/frp/frps.toml

# 获取系统架构
SYSTEM_ARCH="amd64"
DOWNLOAD_URL="https://resources.mefrp.com/d/ME-Frp/115Life/MEFrps/${MEFRPS_VERSION}/mefrps_linux_${SYSTEM_ARCH}_${MEFRPS_VERSION}.tar"

echo "正在下载 ME Frp 5.0 服务端..."
curl -o mefrps.tar $DOWNLOAD_URL
tar -xvf mefrps.tar -C /usr/local/bin
rm -f mefrps.tar
mv /usr/local/bin/mefrps_linux_${SYSTEM_ARCH}_${MEFRPS_VERSION}/mefrps /usr/local/bin/mefrps
rm -rf /usr/local/bin/mefrps_linux_${SYSTEM_ARCH}_${MEFRPS_VERSION}
chmod +x /usr/local/bin/mefrps

NODE_ID="76"
SERVER_PORT="62000"
WEB_PORT="7001"
ALLOW_PORTS="10000-60000"
ADMIN_PASSWORD="b9ceff0d809c6b5d25355219f27614a2"

ALLOW_PORTS_START=$(echo $ALLOW_PORTS | cut -d '-' -f 1)
ALLOW_PORTS_END=$(echo $ALLOW_PORTS | cut -d '-' -f 2)

cat > /etc/frp/frps.toml << EOF
bindPort = ${SERVER_PORT}
allowPorts = [{ start = ${ALLOW_PORTS_START}, end = ${ALLOW_PORTS_END} }]
webServer.addr = "0.0.0.0"
webServer.port = ${WEB_PORT}
webServer.user = "admin"
webServer.password = "${ADMIN_PASSWORD}"
mefrpApi.apiUrl = "https://api.mefrp.com"
mefrpApi.token = "MEFrpServerToken"
mefrpApi.nodeId = ${NODE_ID}
EOF

# 根据允许的类型配置HTTP和HTTPS
ALLOW_TYPE="tcp;udp;http;https"
if [[ $ALLOW_TYPE == *"http"* ]]; then
    echo "vhostHTTPPort = 80" >> /etc/frp/frps.toml
fi

if [[ $ALLOW_TYPE == *"https"* ]]; then
    echo "vhostHTTPSPort = 443" >> /etc/frp/frps.toml
fi

echo "[auth]" >> /etc/frp/frps.toml
echo "method = \"token\"" >> /etc/frp/frps.toml
echo "token = \"MEFrpServerToken\"" >> /etc/frp/frps.toml

echo "正在创建 systemd 服务..."
cat > /etc/systemd/system/mefrps.service << EOF
[Unit]
Description=ME Frp Server
After=network.target

[Service]
Type=simple
User=root
Restart=on-failure
RestartSec=5s
ExecStart=/usr/local/bin/mefrps -c /etc/frp/frps.toml

[Install]
WantedBy=multi-user.target
EOF

# 设置服务权限
chmod 644 /etc/systemd/system/mefrps.service

# 配置防火墙
echo "配置防火墙..."
if command -v firewall-cmd &> /dev/null; then
    firewall-cmd --permanent --add-port=$SERVER_PORT/tcp
    firewall-cmd --permanent --add-port=$WEB_PORT/tcp
    firewall-cmd --permanent --add-port=$ALLOW_PORTS_START-$ALLOW_PORTS_END/tcp
    [[ $ALLOW_TYPE == *"http"* ]] && firewall-cmd --permanent --add-port=80/tcp
    [[ $ALLOW_TYPE == *"https"* ]] && firewall-cmd --permanent --add-port=443/tcp
    firewall-cmd --reload
elif command -v ufw &> /dev/null; then
    ufw allow $SERVER_PORT/tcp
    ufw allow $WEB_PORT/tcp
    ufw allow $ALLOW_PORTS_START:$ALLOW_PORTS_END/tcp
    [[ $ALLOW_TYPE == *"http"* ]] && ufw allow 80/tcp
    [[ $ALLOW_TYPE == *"https"* ]] && ufw allow 443/tcp
    ufw reload
else
    echo "警告：未找到支持的防火墙工具，请手动开放端口"
fi

# 重新加载systemd并启动服务
systemctl daemon-reload
systemctl enable mefrps
systemctl start mefrps

echo "安装完成！服务状态："
systemctl status mefrps

echo "ME Frp 5.0 服务端安装完成"
echo "请将以下信息与 服务器IP、带宽、简介 提交给管理员:
nodeId: $NODE_ID
servicePort: $SERVER_PORT
adminPort: $WEB_PORT
adminPassword: $ADMIN_PASSWORD
allowType: $ALLOW_TYPE
allowPorts: $ALLOW_PORTS
allowGroup: admin;sponsor;default;vip;noRealname"